[openssl.org #2495] enable PEM_write_DSAPublicKey

2011-04-09 Thread (Damien Miller) via RT
Hi,

Is there any reason why PEM_write_DSAPublicKey() is not enabled in pem_all.c?
We'd like to use this in OpenSSH.

Index: crypto/pem/pem.h
===
RCS file: /cvs/src/lib/libssl/src/crypto/pem/pem.h,v
retrieving revision 1.10
diff -u -p -r1.10 pem.h
--- crypto/pem/pem.h1 Oct 2010 22:58:56 -   1.10
+++ crypto/pem/pem.h8 Apr 2011 20:55:11 -
@@ -488,6 +488,7 @@ DECLARE_PEM_rw(RSA_PUBKEY, RSA)
 
 DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
 
+DECLARE_PEM_rw_const(DSAPublicKey, DSA)
 DECLARE_PEM_rw(DSA_PUBKEY, DSA)
 
 DECLARE_PEM_rw_const(DSAparams, DSA)
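Review bot: The added DECLARE_PEM_rw_const(DSAPublicKey, DSA) line declares the read functions as well as the write ones, while the request only asks for PEM_write_DSAPublicKey(); the submission should say whether exposing the readers is intended. The line also sits directly above DECLARE_PEM_rw(DSA_PUBKEY, DSA), so DSA ends up with two public-key PEM families side by side; a comment here, or an entry in the PEM documentation, stating which encoding each one produces would keep callers from mixing them up.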
Index: crypto/pem/pem_all.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/pem/pem_all.c,v
retrieving revision 1.8
diff -u -p -r1.8 pem_all.c
--- crypto/pem/pem_all.c1 Oct 2010 22:58:56 -   1.8
+++ crypto/pem/pem_all.c8 Apr 2011 20:55:11 -
@@ -224,6 +224,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,
 }
 
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+IMPLEMENT_PEM_rw_const(DSAPublicKey, DSA, PEM_STRING_DSA_PUBLIC, DSAPublicKey)
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
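Review bot: No test accompanies the new IMPLEMENT_PEM_rw_const(DSAPublicKey, DSA, PEM_STRING_DSA_PUBLIC, DSAPublicKey) line. Because the macro generates a reader as well as a writer, add a round-trip check (write a key, read it back, compare) so that the PEM_STRING_DSA_PUBLIC label and the DSAPublicKey encode and decode routines are exercised together before OpenSSH or anyone else depends on the format.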

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


[openssl.org #2366] pkeyutl SEGV

2010-10-27 Thread (Damien Miller) via RT
Hi,

openssl pkeyutl -peerform will SEGV due to dereferencing the NULL
termination of the argv array, here's a fix:

Index: pkeyutl.c
===
RCS file: /cvs/src/lib/libssl/src/apps/pkeyutl.c,v
retrieving revision 1.1.1.2
diff -u -p -r1.1.1.2 pkeyutl.c
--- pkeyutl.c   1 Oct 2010 22:54:01 -   1.1.1.2
+++ pkeyutl.c   13 Oct 2010 21:27:07 -
@@ -119,17 +119,17 @@ int MAIN(int argc, char **argv)
if (!strcmp(*argv,-in))
{
if (--argc  1) badarg = 1;
-infile= *(++argv);
+else infile= *(++argv);
}
else if (!strcmp(*argv,-out))
{
if (--argc  1) badarg = 1;
-   outfile= *(++argv);
+   else outfile= *(++argv);
}
else if (!strcmp(*argv,-sigfile))
{
if (--argc  1) badarg = 1;
-   sigfile= *(++argv);
+   else sigfile= *(++argv);
}
else if(!strcmp(*argv, -inkey))
{
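Review bot: In the -in, -out and -sigfile branches the old assignment only stored the argv terminator in a pointer and never dereferenced it, so the added else there is a consistency change rather than the crash fix; the description should say so and name the branches where the value is actually used. The -inkey branch that begins at the end of this hunk is left as it was, so check that it already has the same guard.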
@@ -159,17 +159,17 @@ int MAIN(int argc, char **argv)
else if (!strcmp(*argv,-passin))
{
if (--argc  1) badarg = 1;
-   passargin= *(++argv);
+   else passargin= *(++argv);
}
else if (strcmp(*argv,-peerform) == 0)
{
if (--argc  1) badarg = 1;
-   peerform=str2fmt(*(++argv));
+   else peerform=str2fmt(*(++argv));
}
else if (strcmp(*argv,-keyform) == 0)
{
if (--argc  1) badarg = 1;
-   keyform=str2fmt(*(++argv));
+   else keyform=str2fmt(*(++argv));
}
 #ifndef OPENSSL_NO_ENGINE
else if(!strcmp(*argv, -engine))
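Review bot: The -peerform and -keyform branches are where a missing argument reached str2fmt(), so a regression test that runs pkeyutl with each of these options as the last argument would pin the fix. The same check-then-else pair is now repeated in six branches across the two hunks; a small helper or macro that either fetches the next argument or sets badarg would keep a newly added option from reintroducing the unguarded form.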



[openssl.org #1835] PATCH: typos

2009-02-02 Thread (Damien Miller) via RT
typo fixes that have accrued in OpenBSD's import of OpenSSL over
the years

Index: MacOS/GetHTTPS.src/ErrorHandling.hpp
===
RCS file: /cvs/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -p -r1.1.1.1 -r1.2
--- MacOS/GetHTTPS.src/ErrorHandling.hpp5 Sep 2002 12:51:29 -   
1.1.1.1
+++ MacOS/GetHTTPS.src/ErrorHandling.hpp26 May 2007 00:36:03 -  
1.2
@@ -29,7 +29,7 @@ OSErr AppendErrorMessageToHandle(Handle 
 
 
 
-// A bunch of evil macros that would be uneccessary if I were always using 
C++ !
+// A bunch of evil macros that would be unnecessary if I were always using 
C++ !
 
 #define SetErrorMessageAndBailIfNil(theArg,theMessage) 
\
 {  

\
Index: crypto/asn1/a_bytes.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/a_bytes.c,v
retrieving revision 1.1.1.4
retrieving revision 1.8
diff -u -p -r1.1.1.4 -r1.8
--- crypto/asn1/a_bytes.c   6 Sep 2008 12:15:39 -   1.1.1.4
+++ crypto/asn1/a_bytes.c   6 Sep 2008 12:17:48 -   1.8
@@ -79,7 +79,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_ST
 
if (tag = 32)
{
-   i=ASN1_R_TAG_VALUE_TOO_HIGH;;
+   i=ASN1_R_TAG_VALUE_TOO_HIGH;
goto err;
}
if (!(ASN1_tag2bit(tag)  type))
Index: crypto/asn1/t_x509.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/asn1/t_x509.c,v
retrieving revision 1.1.1.5
retrieving revision 1.11
diff -u -p -r1.1.1.5 -r1.11
--- crypto/asn1/t_x509.c9 Jan 2009 12:13:51 -   1.1.1.5
+++ crypto/asn1/t_x509.c9 Jan 2009 12:15:27 -   1.11
@@ -332,7 +332,7 @@ int X509_signature_print(BIO *bp, X509_A
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
{
int i,n;
-   char buf[80],*p;;
+   char buf[80],*p;
 
if (v == NULL) return(0);
n=0;
Index: crypto/bn/bntest.c
===
RCS file: /cvs/src/lib/libssl/src/crypto/bn/bntest.c,v
retrieving revision 1.1.1.7
retrieving revision 1.12
diff -u -p -r1.1.1.7 -r1.12
--- crypto/bn/bntest.c  6 Sep 2008 12:15:41 -   1.1.1.7
+++ crypto/bn/bntest.c  6 Sep 2008 12:17:49 -   1.12
@@ -926,7 +926,7 @@ int test_mod_exp(BIO *bp, BN_CTX *ctx)
BN_bntest_rand(b,2+i,0,0); /**/
 
if (!BN_mod_exp(d,a,b,c,ctx))
-   return(00);
+   return(0);
 
if (bp != NULL)
{
@@ -1028,7 +1028,7 @@ int test_exp(BIO *bp, BN_CTX *ctx)
BN_bntest_rand(b,2+i,0,0); /**/
 
if (!BN_exp(d,a,b,ctx))
-   return(00);
+   return(0);
 
if (bp != NULL)
{
Index: crypto/des/times/usparc.cc
===
RCS file: /cvs/src/lib/libssl/src/crypto/des/times/usparc.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -p -r1.1.1.1 -r1.2
--- crypto/des/times/usparc.cc  5 Oct 1998 20:12:45 -   1.1.1.1
+++ crypto/des/times/usparc.cc  29 Mar 2005 17:29:10 -  1.2
@@ -2,7 +2,7 @@ solaris 2.5.1 usparc 167mhz?? - SC4.0 cc
 
 For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'
 gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.
-I belive the difference is tied up in optimisation that the compiler
+I believe the difference is tied up in optimisation that the compiler
 is able to perform when the code is 'inlined'.  For 'speed', the DES
 routines are being linked from a library.  I'll record the higher
 speed since if performance is everything, you can always inline
Index: crypto/ripemd/README
===
RCS file: /cvs/src/lib/libssl/src/crypto/ripemd/README,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -p -r1.1.1.1 -r1.2
--- crypto/ripemd/README5 Oct 1998 20:12:41 -   1.1.1.1
+++ crypto/ripemd/README29 Mar 2005 17:29:10 -  1.2
@@ -4,7 +4,7 @@ http://www.esat.kuleuven.ac.be/~bosselae
 This is my implementation of RIPEMD-160.  The pentium assember is a little
 off the pace since I only get 1050 cycles, while the best is 1013.
 I have a few ideas for how to get another 20 or so cycles, but at
-this point I will not bother right now.  I belive the trick will be
+this point I will not bother right now.  I believe the trick will be
 to remove my 'copy X array onto stack' until inside the RIP1() finctions 
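Review bot: The context lines of this README hunk still carry two misspellings that the patch leaves alone: "assember" in the first context line and "finctions" in the last one. Since the change is a typo sweep, fix both in the same pass.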

Re: [openssl.org #1831] PATCH: openssl rand -hex

2009-02-01 Thread (Damien Miller) via RT
On Sun, 1 Feb 2009, Bodo Moeller via RT wrote:

> > [...@mindrot.org - Fr. 30. Jan. 2009, 11:52:17]:
> >
> > This patch adds a -hex option to the rand app. E.g.
> >
> > $ openssl rand -hex 8
> > d203552d5eb39e76
>
> What is the rationale of not having a newline at the end?  It's text,
> after all?

no rationale, just an oversight.

-d




Re: [openssl.org #1831] PATCH: openssl rand -hex

2009-02-01 Thread (Damien Miller) via RT


On Sun, 1 Feb 2009, Bodo Moeller via RT wrote:

> > > What is the rationale of not having a newline at the end?  It's text,
> > > after all?
> >
> > no rationale, just an oversight.
>
> So ... I was going to add the newline while working on the patch, but
> then it occurred to me as you said this comes from OpenBSD CVS I might
> be breaking something there.  No risk then?

we'll cope ;) 

-d




Re: [openssl.org #1831] PATCH: openssl rand -hex

2009-02-01 Thread (Damien Miller) via RT
On Sun, 1 Feb 2009, Bodo Moeller via RT wrote:

> > we'll cope ;)
>
> Here's my version of the patch.  Let me know if it looks OK for you.

looks good to me

-d




[openssl.org #1831] PATCH: openssl rand -hex

2009-01-30 Thread (Damien Miller) via RT
Hi,

This patch adds a -hex option to the rand app. E.g.

$ openssl rand -hex 8
d203552d5eb39e76

Patch is from Matthieu Herrb (matth...@openbsd.org) via OpenBSD CVS.

-d

Index: apps/rand.c
===
RCS file: /cvs/src/lib/libssl/src/apps/rand.c,v
retrieving revision 1.1.1.3
retrieving revision 1.6
diff -u -p -r1.1.1.3 -r1.6
--- apps/rand.c 6 Sep 2008 12:15:38 -   1.1.1.3
+++ apps/rand.c 6 Sep 2008 12:17:47 -   1.6
@@ -69,6 +69,7 @@
 /* -out file - write to file
  * -rand file:file   - PRNG seed files
  * -base64   - encode output
+ * -hex - hex encode output
  * num   - write 'num' bytes
  */
 
@@ -84,6 +85,7 @@ int MAIN(int argc, char **argv)
char *outfile = NULL;
char *inrand = NULL;
int base64 = 0;
+   int hex = 0;
BIO *out = NULL;
int num = -1;
 #ifndef OPENSSL_NO_ENGINE
@@ -133,6 +135,13 @@ int MAIN(int argc, char **argv)
else
badopt = 1;
}
+   else if (strcmp(argv[i], -hex) == 0)
+   {
+   if (!hex)
+   hex = 1;
+   else
+   badopt = 1;
+   }
else if (isdigit((unsigned char)argv[i][0]))
{
if (num  0)
@@ -148,6 +157,9 @@ int MAIN(int argc, char **argv)
badopt = 1;
}
 
+   if (hex  base64)
+   badopt = 1;
+
if (num  0)
badopt = 1;

@@ -161,6 +173,7 @@ int MAIN(int argc, char **argv)
 #endif
BIO_printf(bio_err, -rand file%cfile%c... - seed PRNG from 
files\n, LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
BIO_printf(bio_err, -base64   - encode output\n);
+   BIO_printf(bio_err, -hex  - hex encode 
output\n);
goto err;
}
 
@@ -210,7 +223,13 @@ int MAIN(int argc, char **argv)
r = RAND_bytes(buf, chunk);
if (r = 0)
goto err;
-   BIO_write(out, buf, chunk);
+   if (!hex) 
+   BIO_write(out, buf, chunk);
+   else {
+   int i;
+   for (i = 0; i  chunk; i++)
+   BIO_printf(out, %02x, buf[i]);
+   }
num -= chunk;
}
(void)BIO_flush(out);
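Review bot: The hex branch in the output loop writes the digits and nothing else, so when the loop ends the output has no trailing newline before BIO_flush(); emit one after the loop when hex is set, since the result is text. The new int i inside the else block also shadows the i that the option loop earlier in MAIN uses as argv[i]; reuse the outer variable or pick another name.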



[openssl.org #1832] PATCH: force IPv4/IPv6 for s_client

2009-01-30 Thread (Damien Miller) via RT
Hi,

This diff changes the s_client and s_server apps to use getaddrinfo
for address parsing rather than manual IPv4 parsing and gethostbyname.

This allows specification of port by name:

openssl s_client -connect bugzilla.mindrot.org:https

But the main point is to support IPv6. You can now specify an IPv6
address explicitly (using '/' as a port separator to avoid ambiguity)
or use DNS names with IPv6 A records listed. s_client gets new -4 and
-6 options to force the issue when a host resolves to both IPv4 and
IPv6 addresses.

diff is against 0.9.8j, it has been in OpenBSD for a couple of years
now.

-d

Index: apps/s_apps.h
===
RCS file: /cvs/src/lib/libssl/src/apps/s_apps.h,v
retrieving revision 1.1.1.4
retrieving revision 1.8
diff -u -p -r1.1.1.4 -r1.8
--- apps/s_apps.h   6 Sep 2008 12:15:38 -   1.1.1.4
+++ apps/s_apps.h   6 Sep 2008 12:20:16 -   1.8
@@ -156,10 +156,10 @@ int MS_CALLBACK verify_callback(int ok, 
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
 int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 #endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, char *port, int type, int af);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+int extract_host_port(char *str,char **host_ptr,unsigned char *ip,char **p);
 
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
int argi, long argl, long ret);
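Review bot: extract_host_port() keeps its unsigned char *ip parameter while only the port moves to char **p. That parameter belongs to the 4-byte IPv4 interface (compare the init_client_ip(int *sock, unsigned char ip[4], ...) prototype removed from s_socket.c later in the patch), so drop it or document that it is unused now that resolution goes through getaddrinfo. The server and port strings passed to init_client() are not meant to be modified and could be const char *.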
Index: apps/s_client.c
===
RCS file: /cvs/src/lib/libssl/src/apps/s_client.c,v
retrieving revision 1.1.1.8
diff -u -p -r1.1.1.8 s_client.c
--- apps/s_client.c 9 Jan 2009 12:13:49 -   1.1.1.8
+++ apps/s_client.c 30 Jan 2009 03:45:08 -
@@ -109,6 +109,8 @@
  *
  */
 
+#include sys/types.h
+#include netinet/in.h
 #include assert.h
 #include stdio.h
 #include stdlib.h
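Review bot: The two includes added at the top of s_client.c, sys/types.h and netinet/in.h, have no platform guard, and s_client is also built on non-Unix targets where netinet/in.h is not available. Put them behind the same conditionals the socket code already uses, or take the AF_* definitions from whichever header already supplies the socket declarations to the apps.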
@@ -192,6 +194,8 @@ static void sc_usage(void)
{
BIO_printf(bio_err,usage: s_client args\n);
BIO_printf(bio_err,\n);
+   BIO_printf(bio_err, -4- Force IPv4\n);
+   BIO_printf(bio_err, -6- Force IPv6\n);
BIO_printf(bio_err, -host host - use -connect instead\n);
BIO_printf(bio_err, -port port - use -connect instead\n);
BIO_printf(bio_err, -connect host:port - who to connect to (default is 
%s:%s)\n,SSL_HOST_NAME,PORT_STR);
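Review bot: The usage text gains -4 and -6, but the -connect host:port line below them is unchanged even though the submission says a '/' can now separate the port for IPv6 literals and that the port may be a service name. Document both in the -connect line so the new syntax is discoverable from the usage output.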
@@ -289,12 +293,12 @@ int MAIN(int argc, char **argv)
int off=0;
SSL *con=NULL,*con2=NULL;
X509_STORE *store = NULL;
-   int s,k,width,state=0;
+   int s,k,width,state=0, af=AF_UNSPEC;
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
int cbuf_len,cbuf_off;
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
-   short port=PORT;
+   char *port=PORT_STR;
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
@@ -391,8 +395,8 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,-port) == 0)
{
if (--argc  1) goto bad;
-   port=atoi(*(++argv));
-   if (port == 0) goto bad;
+   port= *(++argv);
+   if (port == NULL || *port == '\0') goto bad;
}
else if (strcmp(*argv,-connect) == 0)
{
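Review bot: In the -port branch the port == NULL test cannot fire, because the --argc check on the line above has already ruled out a missing argument. The more important change is that the old atoi() and zero rejection is gone, so any non-empty string is accepted here and a bad port is only detected later inside init_client(); make sure that failure produces a message that names the port.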
@@ -578,6 +582,8 @@ int MAIN(int argc, char **argv)
if (--argc  1) goto bad;
inrand= *(++argv);
}
+   else if (strcmp(*argv,-4) == 0) { af = AF_INET;}
+   else if (strcmp(*argv,-6) == 0) { af = AF_INET6;}
 #ifndef OPENSSL_NO_TLSEXT
else if (strcmp(*argv,-servername) == 0)
{
@@ -795,7 +801,7 @@ bad:
 
 re_start:
 
-   if (init_client(s,host,port,sock_type) == 0)
+   if (init_client(s,host,port,sock_type,af) == 0)
{

BIO_printf(bio_err,connect:errno=%d\n,get_last_socket_error());
SHUTDOWN(s);
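Review bot: The failure message under the changed init_client() call still prints connect:errno=%d, but a getaddrinfo failure is reported through its return code rather than errno, so for resolution errors this line can show a stale or zero value. Unless init_client() prints the getaddrinfo error itself (that part of the patch is not visible here), have it pass the code back so the caller can print gai_strerror() for it.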
Index: apps/s_socket.c
===
RCS file: /cvs/src/lib/libssl/src/apps/s_socket.c,v
retrieving revision 1.1.1.6
diff -u -p -r1.1.1.6 s_socket.c
--- apps/s_socket.c 6 Sep 2008 12:15:39 -   1.1.1.6
+++ apps/s_socket.c 30 Jan 2009 03:45:08 -
@@ -96,11 +96,9 @@ static struct hostent *GetHostByName(cha
 static void ssl_sock_cleanup(void);
 #endif
 static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
 static int init_server(int *sock, int port, int type);
 static int init_server_long(int *sock, int port,char *ip, int type);
 static int do_accept(int acc_sock, int 
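
Added example, not code from the posted patch or from OpenSSL: resolving a host and port specification with getaddrinfo and an address-family hint, as the #1832 message above describes for -connect, -4 and -6. The helper names, the rule that a '/' takes precedence over the last ':' as the port separator, and the numeric-only flags (used so the example runs offline) are assumptions.

```c
/* Added example, not from the patch: split "host:port" or "host/port"
 * and resolve it with getaddrinfo(), optionally forcing a family. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Assumed rule: a '/' (if any) separates the port, otherwise the last
 * ':' does. Returns 0 on success, -1 on a malformed or oversized spec. */
static int split_host_port(const char *spec, char *host, size_t hlen,
                           char *port, size_t plen)
{
    const char *sep = strrchr(spec, '/');

    if (sep == NULL)
        sep = strrchr(spec, ':');
    if (sep == NULL || sep == spec || sep[1] == '\0')
        return -1;
    if ((size_t)(sep - spec) >= hlen || strlen(sep + 1) >= plen)
        return -1;
    memcpy(host, spec, (size_t)(sep - spec));
    host[sep - spec] = '\0';
    strcpy(port, sep + 1);
    return 0;
}

/* af is AF_UNSPEC, AF_INET (like -4) or AF_INET6 (like -6). Returns the
 * family of the first result, or -1 on failure. The AI_NUMERIC* flags keep
 * the demo off the network; drop them for DNS names and "https". */
static int resolve_family(const char *spec, int af)
{
    char host[256], port[32];
    struct addrinfo hints, *res = NULL;
    int family;

    if (split_host_port(spec, host, sizeof(host), port, sizeof(port)) != 0)
        return -1;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = af;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;      /* the error is the return code, not errno */
    family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

int main(void)
{
    /* Constructed input: an address literal, so nothing is looked up. */
    printf("%d\n", resolve_family("::1/443", AF_INET6));
    return 0;
}
```

Forcing a family that the literal does not belong to makes the lookup fail instead of silently falling back, which is the behaviour a -4 or -6 switch needs.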

Re: [openssl.org #1089] test report for OpenBSD -current

2005-06-16 Thread (Damien Miller) via RT

Richard Levitte via RT wrote:
> [EMAIL PROTECTED] - Mon Jun  6 07:15:40 2005]:
>
> > Richard Levitte via RT wrote:
> >
> > > Thanks for the positive report!  Apropos the 'test skipped' stuff, I'm
> > > not sure why skipping tests on unbuilt algorithms is self-defeating.
> >
> > It didn't skip only the tests on unbuilt algorithms, it skipped *all*
> > the tests.
>
> Ah, good point.  I jumped to conclusions too fast, it seems.  Sorry
> about that.
>
> I just committed a change, but unfortunately, it's a little late to get
> it into beta4.  Would you be willing to test tomorrow's snapshot
> (openssl-0.9.8-stable-SNAP-20050607.tar.gz), to ensure it does the right
> thing before beta5?

sorry for not getting back sooner, but beta5 works fine.

-d



Re: [openssl.org #1089] test report for OpenBSD -current

2005-06-05 Thread (Damien Miller) via RT

Richard Levitte via RT wrote:
> Thanks for the positive report!  Apropos the 'test skipped' stuff, I'm
> not sure why skipping tests on unbuilt algorithms is self-defeating.

It didn't skip only the tests on unbuilt algorithms, it skipped *all*
the tests.

> Anyway, I'm resolving this ticket.
>
> [EMAIL PROTECTED] - Wed Jun  1 10:10:50 2005]:
>
> > Hi,
> >
> > Here is a testlog for OpenBSD -current. We probably won't get around to
> > integrating 0.9.8 until after OpenBSD-3.8 is released.
> >
> > I hacked the 'test skipped' stuff out of util/selftest.pl - I think skipping
> > tests because of no-mdc2 and no-rc5 is somewhat self-defeating
> >
> > -d
> >
> >
> > OpenSSL self-test report:
> >
> > OpenSSL version:  0.9.8-beta3
> > Last change:  Correct naming of the 'chil' and '4758cca' ENGINEs. Thi...
> > Options:  386 no-gmp no-krb5 no-mdc2 no-rc5 no-shared no-sse2 no-zlib no-zlib-dynamic
> > OS (uname):   OpenBSD baragon.mindrot.org 3.7 BARAGON#26 i386
> > OS (config):  i386-whatever-openbsd
> > Target (default): BSD-x86-elf
> > Target:   BSD-x86-elf
> > Compiler: Configured with:
> > Thread model: single
> > gcc version 3.3.5 (propolice)
> >
> > Test passed.



[openssl.org #1089] test report for OpenBSD -current

2005-06-01 Thread (Damien Miller) via RT

Hi,

Here is a testlog for OpenBSD -current. We probably won't get around to
integrating 0.9.8 until after OpenBSD-3.8 is released.

I hacked the 'test skipped' stuff out of util/selftest.pl - I think skipping
tests because of no-mdc2 and no-rc5 is somewhat self-defeating

-d


OpenSSL self-test report:

OpenSSL version:  0.9.8-beta3
Last change:  Correct naming of the 'chil' and '4758cca' ENGINEs. Thi...
Options:  386 no-gmp no-krb5 no-mdc2 no-rc5 no-shared no-sse2 no-zlib 
no-zlib-dynamic
OS (uname):   OpenBSD baragon.mindrot.org 3.7 BARAGON#26 i386
OS (config):  i386-whatever-openbsd
Target (default): BSD-x86-elf
Target:   BSD-x86-elf
Compiler: Configured with: 
Thread model: single
gcc version 3.3.5 (propolice)

Test passed.
